Sign up or log in to save this to your schedule and see who's attending!

IoT devices are almost certainly going to become insecure over time due to newly discovered vulnerabilities. An over-the-air (OTA) update mechanism is required to fix devices deployed in the field. When the environment in which the devices operate allows attackers to tamper with them, then it becomes important that the devices not only detect attempts to modify the OS while running, but also while the device was powered off.

Patrick Ohly is the maintainer of meta-integrity and meta-swupd, two layers which make the Linux Integrity Measurement Architecture (IMA) and the Clear Linux OS swupd update mechanism available to Linux distributions built with Yocto/OpenEmbedded. This talk will compare these two approaches against several alternatives (dm-verity, OSTree, ...) and explain how to use these layers.

Patrick Ohly is a software engineer at Intel GmbH, Germany. In the past he has worked on performance analysis software for HPC clusters ("Intel Trace Analyzer and Collector") and cluster technology in general (PTP and hardware time stamping, included in Linux since 2.6.30). Since... Read More →